ISSUED BY: GCIS Communications Command Center
18February2011 12:23pmEST
Senate Bill Would Make Leaks a Felony
GCIS CYBER-SECURITY UPDATE: Legislation introduced in the Senate this week would broadly criminalize leaks of classified information. The bill (S. 355) sponsored by Sen. Benjamin Cardin 
(D-MD) would make it a felony for a government employee or contractor who has authorized access to classified information to disclose such information to an unauthorized person in violation of his or her nondisclosure agreement.
Under existing law, criminal penalties apply only to the unauthorized disclosure of a handful of specified categories of classified information (in non-espionage cases). These categories include codes, cryptography, communications intelligence, identities of covert agents, and nuclear weapons design information. The new bill would amend the espionage statutes to extend such penalties to the unauthorized disclosure of any classified information. (Source: Secrecy News/read full report)
U.S. Preparing Cyberwar Strategy Before Threat Grows
GCIS CYBER-SECURITY UPDATE: Deputy Defense Secretary William Lynn said Tuesday that the 
U.S. government is "moving aggressively" to counter evolving cyberthreats and is currently in the final stages of a comprehensive cyberstrategy review. The time to act is now while cyberattacks are still "relatively unsophisticated in nature, short in duration, and narrow in scope," he said.
The danger is that powerful cybertools already exist that one day could be deployed by the nation's adversaries to potentially cause severe economic damage, physical destruction, and even loss of life, Lynn said in a keynote address at the RSA security conference in San Francisco.
"We must have the capability to defend against the full range of cyberthreats," Lynn said. "This is indeed the goal of the Defense Department's new cyberstrategy, and it is why we are pursuing that strategy with such urgency." (Source: CIO Today/read full report)
Antony Asks Forces to Gear Up to Fight Cyber War
GCIS CYBER-SECURITY UPDATE: The Defence Minister Shri AK Antony has called upon the 
Armed Forces to be vigilant against emerging cyber threats. Addressing the centenary celebrations of the Corps of Signals here today, he called upon the forces to keep abreast of latest technologies. Terming the Corps of Signals as the “21st century arm of our forces”, Shri Antony said it has a major role in promoting inter-Service synergy and joint operations.
“The Corps is at the forefront of transforming the Indian Army to a network-centric force. It must continuously enhance its ability to absorb latest technologies in collaboration with the Industry and R&D establishment. The Corps has done commendable work, be it in fielding futuristic strategic defence communication networks, or development of state-of-the-art tactical communication systems. The contribution of the Corps in enhancing cyber security is worth a mention. However, the Corps needs to be ever vigilant, as cyber threats continue to multiply and intensify by the day,” Shri Antony said. (Source: Defense Aerospace/read full report)
Trent Franks Launches Caucus to Address EMP Threat – Introduces SHIELD Act
GCIS CYBER-SECURITY UPDATE: Congressman Trent Franks (AZ-02) today released the following statement, following the official launch of the Congressional EMP Caucus and the 
introduction of H.R. 668, the Secure High-voltage Infrastructure for Electricity from Lethal Damage (or SHIELD) Act.
“The threat of an electromagnetic pulse weapon represents the single greatest asymmetric capability that could fall into the hands of America’s enemies. Should a nuclear weapon from a rogue state such as Iran be detonated in Earth’s atmosphere at a sufficient height above the continental United States, the blast of electromagnetic energy could immediately cripple America’s electric power grid. Currently, the vast majority of the United States’ infrastructure is unsecured and exposed.
“According to some experts, just one properly placed EMP blast could disable so large a swath of American technology that between 70-90% of the United States’ population could become unsustainable. (Source: National Terror Alert/read full report)
Cyber Crime Costs UK £27 Billion Study Finds
GCIS CYBER-SECURITY UPDATE: According to a joint government and industry report, the annual 
loses to cyber crime in the United Kingdom are of £27 billion, of which £21 billion comes from the business sector.
The report was drafted by the Office of Cyber Security and Information Assurance in collaboration with Detica, a company specializing in information intelligence.
The study shows that the main victim of cyber crime is the business sector, which accounts for over ¾ of the loses.
Intellectual property theft is the most costly form of cyber crime to businesses and results in £9.2 billion annual losses.
In this case, IP theft does not refer to illegal file sharing, but to the theft of trade secrets, ideas, designs, methodologies and so on.
The industry sectors most affected by this type of crimes are pharmaceutical/biotech, with over £1.8bn loses, electronic and electrical equipment, with over £1.7bn, and software and computer services, with £1.6bn. (Source: Softpedia/read full report)
Cloud is security battleground for organizations
GCIS CYBER-SECURITY UPDATE: Organizations want to use cloud services to benefit from costs savings and increased efficiency, but security staff are concerned about the risks associated with the cloud, noted Dan Schoenbaum, vice president for business development at Tripwire.
“The business folks want to go there for the obvious benefits, but the security team still views the cloud as new. They don’t quite understand how they can get visibility into the cloud”, Schoenbaum told Infosecurity.
Security teams want to take a more measured approach to the cloud than the business people. They want to start with less critical applications. “The tension between the two sides is on the timing and the criticality of the applications that go there”, he noted.
Organizations “trust themselves for security but they might not necessarily have an established relationship with a cloud provider. It’s hard to build trust with someone you only started working with recently. So these things have been inhibitors for going to the cloud”, he said. (Source: Info Security/read full report)
CBC Reports Canadian Government Hacked By Chinese
GCIS CYBER-SECURITY UPDATE: The Canadian Broadcasting Corp. is reporting that key government agencies in Canada were the targets of a sophisticated cyber attack aimed at stealing sensitive government information.
The attack was first detected in January, 2011, and prompted Canada's Finance Department and Treasury Board off the Internet temporarily in order to clean up after the attack. Among the targets of the attacks were Defence Research and Development Canada, a civilian agency that is part of the Canadian Department of National Defence.
According to the BBC report, issued Thursday, the attacks on the Finance Department started with spear phishing attacks aimed at senior Finance Department personnel, but spread to other targets.
Canadian officials are still trying to assess the damage caused by the attacks, including the quantity and type of data that is believed to have been siphoned from Canadian government networks. (Source: ThreatPost/read full report)
